diff options
| author | Tom Lane | 2008-07-31 16:27:16 +0000 |
|---|---|---|
| committer | Tom Lane | 2008-07-31 16:27:16 +0000 |
| commit | 7bd7b2002bd018e25d024322c983e856237a50d9 (patch) | |
| tree | 9fbfc35e44f40e0a06feaf50b4b15725007ee073 /doc/src | |
| parent | c8572986ad138142acbf3215bb14214926e25ce5 (diff) | |
Require superuser privilege to create base types (but not composites, enums,
or domains). This was already effectively required because you had to own
the I/O functions, and the I/O functions pretty much have to be written in
C since we don't let PL functions take or return cstring. But given the
possible security consequences of a malicious type definition, it seems
prudent to enforce superuser requirement directly. Per recent discussion.
Diffstat (limited to 'doc/src')
| -rw-r--r-- | doc/src/sgml/ref/create_type.sgml | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/doc/src/sgml/ref/create_type.sgml b/doc/src/sgml/ref/create_type.sgml index 665bc805af8..a5d07a21206 100644 --- a/doc/src/sgml/ref/create_type.sgml +++ b/doc/src/sgml/ref/create_type.sgml @@ -1,5 +1,5 @@ <!-- -$PostgreSQL: pgsql/doc/src/sgml/ref/create_type.sgml,v 1.76 2008/07/30 19:35:12 tgl Exp $ +$PostgreSQL: pgsql/doc/src/sgml/ref/create_type.sgml,v 1.77 2008/07/31 16:27:16 tgl Exp $ PostgreSQL documentation --> @@ -99,7 +99,13 @@ CREATE TYPE <replaceable class="parameter">name</replaceable> <para> The third form of <command>CREATE TYPE</command> creates a new base type - (scalar type). The parameters can appear in any order, not only that + (scalar type). To create a new base type, you must be a superuser. + (This restriction is made because an erroneous type definition could + confuse or even crash the server.) + </para> + + <para> + The parameters can appear in any order, not only that illustrated above, and most are optional. You must register two or more functions (using <command>CREATE FUNCTION</command>) before defining the type. The support functions @@ -580,8 +586,8 @@ CREATE TYPE <replaceable class="parameter">name</replaceable> <para> Because there are no restrictions on use of a data type once it's been created, creating a base type is tantamount to granting public execute - permission on the functions mentioned in the type definition. (The creator - of the type is therefore required to own these functions.) This is usually + permission on the functions mentioned in the type definition. + This is usually not an issue for the sorts of functions that are useful in a type definition. But you might want to think twice before designing a type in a way that would require <quote>secret</> information to be used |